Skip to content

cisagov/ScubaGoggles

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

deef641 · Jan 9, 2025
Dec 20, 2024
Dec 20, 2024
Dec 20, 2024
Dec 20, 2024
Dec 20, 2024
Dec 6, 2023
Dec 20, 2024
Jan 9, 2025
Dec 20, 2024
Dec 15, 2023
Dec 20, 2024
Sep 5, 2024
Dec 20, 2024
Jul 24, 2023
Dec 20, 2024
Dec 20, 2024
May 16, 2024
Dec 20, 2024
Aug 21, 2024
Dec 20, 2024
Dec 20, 2024
Dec 20, 2024

Repository files navigation

CISA Logo

    ScubaGoggles

GWS Secure Configuration Baseline Assessment Tool

Developed by CISA, ScubaGoggles is an assessment tool that verifies a Google Workspace (GWS) organization's configuration conforms to the policies described in the Secure Cloud Business Applications (SCuBA) Secure Configuration Baseline documents.

For the Microsoft 365 (M365) rendition of this tool, see ScubaGear.

Warning

This tool is in an alpha state and in active development. At this time, outputs could be incorrect and should be reviewed carefully.

Overview

We use a three-step process:

  1. Export. In this step, we primarily use the Google Admin SDK API to export and serialize all the relevant logs and settings into json. ScubaGoggles also uses various other Google APIs to grab organization metadata, user privileges etc.
  2. Verify. Compare the exported settings from the previous step with the configuration prescribed in the baselines. We do this using OPA Rego, a declarative query language for defining policy.
  3. Report. Package the results as HTML and JSON.

Table of Contents

Installation

Prerequisites

Authentication

Usage

Troubleshooting

Project License

Unless otherwise noted, this project is distributed under the Creative Commons Zero license. With developer approval, contributions may be submitted with an alternate compatible license. If accepted, those contributions will be listed herein with the appropriate license.